THREAT MODELING FRAMEWORKS Flashcards

1
Q

BELL-LAPADULA MODEL

A
2
Q

BIBA MODEL

A
3
Q

GENERAL THREAT MODELING PRINCIPLES

A

PREPARATION
IDENTIFICATION
MITIGATIONS
REVIEW

4
Q

STRIDE

A

S-Spoofing
T-Tampering
R-Repudiation
I-Information disclosure
D-Denial of service
E-Elevation of privilege

5
Q

PASTA

A
6
Q

THREAT INTELLIGENCE

A
7
Q

ASSET IDENTIFICATION

A
8
Q

MITIGATION CAPABILITIES

A
9
Q

RISK ASSESSMENT

A
10
Q

SPOOFING

A

This principle requires you to authenticate requests and users accessing a system. Spoofing involves a malicious party falsely identifying itself as another.

Access keys (such as API keys) or signatures via encryption help remediate this threat.

11
Q

TAMPERING

A

By providing anti-tampering measures to a system or application, you help provide integrity to the data. Data that is accessed must be kept integral and accurate.

For example, shops use seals on food products.

12
Q

REPUDIATION

A

This principle dictates the use of services such as activity logging, so that actions on a system or application can be tracked.

13
Q

INFORMATION DISCLOSURE

A

Applications or services that handle information of multiple users need to be appropriately configured to only show information relevant to the owner.

14
Q

DENIAL OF SERVICE

A

Applications and services use up system resources, so both should have measures in place so that abuse of the application or service won’t bring the whole system down.

15
Q

CIA TRIAD

A

CONFIDENTIALITY
INTEGRITY
AVAILABILITY

16
Q

ELEVATION OF PRIVILEGE

A

This is the worst-case scenario for an application or service. It means that a user was able to escalate their authorization to that of a higher level, such as an administrator. This scenario often leads to further exploitation or information disclosure.

17
Q

CONFIDENTIALITY

A
18
Q

INTEGRITY

A
19
Q

AVAILABILITY

A
20
Q

INCIDENT

A
21
Q

INCIDENT RESPONSE

A
22
Q

PHASES OF INCIDENT RESPONSE

A

PREPARATION
IDENTIFICATION
CONTAINMENT
ERADICATION
RECOVERY
LESSONS LEARNED

23
Q

PREPARATION

A

Do we have the resources and plans in place to deal with the security incident?

24
Q

IDENTIFICATION PHASE

A

Have the threat and the threat actor been correctly identified so that we can respond?

25
Q

CONTAINMENT PHASE

A

Can the threat/security incident be contained to prevent other systems or users from being impacted?

26
Q

ERADICATION PHASE

A

Remove the active threat.

27
Q

RECOVERY PHASE

A

Perform a full review of the impacted systems to return to business-as-usual operations.

28
Q

CRYPTOGRAPHIC FAILURE

A
29
Q

LESSONS LEARNED PHASE

A

What can be learnt from the incident? For example, if it was due to a phishing email, employees should be trained better to detect phishing emails.

30
Q

IDOR

A
31
Q
A